Cyber Risks: Viruses, Worms, Trojans, and More

Of the five most common cyber threats forecast through 2020, the broad classification that includes viruses, worms and Trojans remains near the top of the list, cyber experts say.

In an earlier article on the cyber class I taught during "Scaling New Heights 2017," I wrote about the No. 1 cyber threat. This article outlines fundamental information on the second most common cyber threat.

Viruses

A virus is a contagious program or computer code that attaches itself to another piece of software, and then reproduces itself when that software runs. Most often, sharing software or files between computers spreads viruses.

A stealth virus can infect a computer system in a number of ways. For example, this happens when a user downloads a malicious email attachment, installs malware masquerading as programs from websites or uses unverified software infected with malware.

Like other viruses, it can take over a wide variety of system tasks and affect the computer's performance. Antivirus programs normally detect malware when it performs such tasks, but the stealth virus is designed to actively remain hidden from antivirus programs. It accomplishes this by temporarily moving itself away from the infected file, copying itself to another drive and replacing itself with a clean file.

The stealth virus also can avoid detection by concealing the size of the infected file.

Macro viruses add their code to the macros associated with documents, spreadsheets and other data files. The first macro virus, called Concept, appeared in July 1995. Macro viruses (mostly infecting Word documents) subsequently became the dominant type of virus until the turn of the century, when Microsoft disabled macros by default in Office (versions since Office 2000).

Since then, cyber criminals have had to trick their victims into enabling macros before their infected macro can run.
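Because the macro code travels inside the document itself, a file can be checked for it before anyone opens it in Office. The following is an added example, not code from the original article: it classifies files by content rather than by extension, using in-memory stand-in files constructed for the illustration; the function names are assumptions.

```python
import io
import zipfile

OLE2_MAGIC = bytes.fromhex("d0cf11e0a1b11ae1")  # header of legacy .doc/.xls files

def build_ooxml(with_macro: bool) -> bytes:
    """Constructed stand-in for a Word OOXML package (not a real document)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("[Content_Types].xml", "<Types/>")
        z.writestr("word/document.xml", "<w:document/>")
        if with_macro:
            # Macro-enabled packages store their VBA code in vbaProject.bin.
            z.writestr("word/vbaProject.bin", b"constructed placeholder")
    return buf.getvalue()

def macro_status(data: bytes) -> str:
    """Classify a file's bytes without opening it in Office."""
    if data.startswith(OLE2_MAGIC):
        # Legacy binary formats can carry macros; confirming needs an OLE parser.
        return "legacy-ole-needs-inspection"
    if not zipfile.is_zipfile(io.BytesIO(data)):
        return "not-office"
    with zipfile.ZipFile(io.BytesIO(data)) as z:
        names = [n.lower() for n in z.namelist()]
    if "[content_types].xml" not in names:
        return "not-office"
    if any(n.endswith("vbaproject.bin") for n in names):
        return "macro-present"
    return "no-macro"

def triage(files: dict) -> dict:
    return {name: macro_status(data) for name, data in files.items()}

# Constructed samples; file names are hypothetical.
SAMPLES = {
    "report.docx": build_ooxml(False),
    "invoice.docx": build_ooxml(True),  # macro hidden behind a macro-free extension
    "old.doc": OLE2_MAGIC + b"\x00" * 16,
    "notes.txt": b"plain text",
}

if __name__ == "__main__":
    for name, status in triage(SAMPLES).items():
        print(f"{name}: {status}")
```

A mail gateway or file-share scanner can apply the same check to quarantine or strip macro-bearing attachments, so the decision does not rest on the user declining the "enable macros" prompt.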

One of the most common forms of recent virus infection is browser redirect malware, which produces unwanted browser results by redirecting your searches to alternative internet sites that may in fact imitate the legitimate site you were searching for.

The Firefox Redirect Virus is one such example of this type of virus. And while it might seem it's limited to the Firefox browser, variants of the same malware also can impact Internet Explorer or Google Chrome. New variants of this type of malware continue to appear.

Worms

Worms are programs that replicate themselves and destroy data and files on the computer they invade. Worms work to "eat" your system’s operating and data files until the drive is empty.

A Warhol worm is a computer worm that rapidly replicates, infecting a wide swath of computers in as little as 15 minutes. Some researchers assert that a true Warhol worm could infect all computers on the internet within a 15-minute time frame, hence the name, taken from the phrase Andy Warhol once famously said: "Everyone will be famous for 15 minutes."

The Sapphire worm – also called Slammer or SQL Slammer – was the first that approached these limits, raising interest in how much damage a malicious, rapidly spreading worm might be able to cause.

Although Sapphire didn’t carry any malicious payload, it still was destructive. Its appearance suggests that Warhol worms are not just a theoretical threat, but an actual one.

Computer worms are a significant security concern because they self-replicate, are self-contained and propagate through a computer's existing data transport mechanisms without any human interaction.

A computer worm coupled with a Trojan virus – hybrid malware – is a worm with a Trojan payload that's capable of using multiple means of transport to make multiple types of attacks and hide itself for future attacks.

The ability to create hybrid malware of this type is what makes a true Warhol worm such a concern. A worm carrying a malicious payload, delivered across all hosts on the internet within 15 minutes, means the destruction caused by the payload would happen before human response could stop the damage.

If you want to keep your computer safe from malware, keep your computer's operating system up to date, use a modern browser, and keep all software programs current and patched with the latest security patches. Use antivirus and internet security products that provide real-time, comprehensive protection from all threats.

Trojans

A Trojan is another type of malware named after the wooden horse the Greeks used to infiltrate the city of Troy. It is a harmful piece of software that looks legitimate. Users typically are tricked into loading and executing it on their systems.

After it's activated, it can carry out any number of attacks on the host, from irritating the user (popping up windows or changing desktops) to damaging the host (deleting files, stealing data, or activating and spreading other malware, such as viruses).

Trojans also are known to create back doors to give malicious users access to the system.

Unlike viruses and worms, Trojans do not reproduce by infecting other files, nor do they self-replicate. Trojans must spread through user interaction, such as opening an email attachment or downloading and running a file from the Internet.

Trojans execute unauthorized programs on infected computers by means of normal user actions. They proceed to delete information on discs, make the system freeze, steal personal information or carry out a multitude of other malicious activities.

Trojans are not viruses in the traditional sense (because they do not infect other programs or data), but rather intrude into the PC and are spread by violators as “useful” and necessary software. The result is that Trojans frequently yield greater damage than a traditional form of virus.

The Newest Kid on the Block

Microsoft Windows PowerShell is a task automation and configuration management framework consisting of a command-line shell and associated scripting language built on the .NET Framework and .NET Core.

While PowerShell rapidly has become the accepted standard among Windows administrators, it also has proven fruitful ground for malware developers looking for stealthy deployment, lateral movement and reconnaissance capabilities.

Tiny PowerShell malware stored in memory or in the registry is likely to have a field day on modern Windows systems. Cyber criminals are taking this one step further by developing ephemeral infections that are memory-resident. This malware is intended for general reconnaissance and credential collection with no interest in persistence.

Rather than stick around and perform their "malicious trade" in stealthy ways, these new ephemeral infections get in quickly, do their dirty work faster and then depart as quickly as they came.

In highly sensitive environments, attackers may be satisfied to operate until a reboot wipes their infection from memory, if it means avoiding all suspicion or potential operational loss from the discovery of their malware by defenders and researchers.

These ephemeral infections highlight the need for proactive and sophisticated anti-malware solutions.
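Memory-resident PowerShell leaves no file to scan, but the process command line that launched it is still recorded when process-creation logging is enabled. The following is an added example, not code from the original article: it triages logged powershell.exe command lines for hidden, encoded launches, using constructed sample lines; the weights, threshold and function names are assumptions.

```python
import base64
import re

# powershell.exe accepts abbreviated parameter names, so match the short forms too.
# Weights are illustrative assumptions, not a vendor scoring scheme.
FLAGS = {
    "encoded":   (re.compile(r"\s-e(?:c|n[a-z]*)?\s+(\S+)", re.I), 2),
    "hidden":    (re.compile(r"\s-w[a-z]*\s+hidden\b", re.I), 2),
    "noprofile": (re.compile(r"\s-(?:nop|noprofile)\b", re.I), 1),
    "bypass":    (re.compile(r"\s-(?:ep|ex|executionpolicy)\s+bypass\b", re.I), 1),
}
THRESHOLD = 3  # assumed cut-off for sending a command line to an analyst

def decode_encoded_command(b64: str) -> str:
    """-EncodedCommand carries Base64 of the script text encoded as UTF-16LE."""
    try:
        return base64.b64decode(b64, validate=True).decode("utf-16-le")
    except (ValueError, UnicodeDecodeError):
        return ""  # malformed or truncated value: nothing to show the analyst

def triage(cmdline: str) -> dict:
    hits, score, decoded = [], 0, ""
    for name, (pattern, weight) in FLAGS.items():
        match = pattern.search(cmdline)
        if not match:
            continue
        hits.append(name)
        score += weight
        if name == "encoded":
            decoded = decode_encoded_command(match.group(1))
    return {"score": score, "hits": hits, "decoded": decoded,
            "suspicious": score >= THRESHOLD}

# Constructed sample command lines; the encoded script is a harmless placeholder.
PLACEHOLDER = "Write-Output 'constructed sample'"
ENCODED = base64.b64encode(PLACEHOLDER.encode("utf-16-le")).decode()
SAMPLES = [
    r"powershell.exe -NoProfile -File C:\Scripts\backup.ps1",
    f"powershell.exe -nop -w hidden -enc {ENCODED}",
]

if __name__ == "__main__":
    for line in SAMPLES:
        print(triage(line))
```

Decoding the `-EncodedCommand` value gives the analyst the script text itself, which matters when a reboot has already cleared the infection from memory.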

Malware is being developed faster than cyber specialists can respond. Your current “up-to-date” antivirus and anti-malware software may well not be a match for the new virus, worm or Trojan on the block. Still, keeping your first line of defense and your operating system current is critical to preventing your computer and/or network from becoming a cyber criminal’s next victim.